Configure MID Server and Tenable

Create queries to send the most
relevant vulnerabilities to Vulnerability Response.

Configure a query for high‑ and critical‑risk
vulnerabilities.

Set up a MID Server that’s registered with the ServiceNow instance
you’ll be using for Vulnerability Response. For more information,
please refer to the ServiceNow product documentation.

Once your MID Server is configured, it allows your ServiceNow cloud
instance to execute commands in your enterprise IT environment. In
this case, it allows your on‑premises Tenable SecurityCenter to
communicate with your ServiceNow instance without having to create
special firewall rules.

Take a look at Figure 1 to see how Tenable SecurityCenter integrates
with ServiceNow.

Figure 1: The architecture of the integration
of the Tenable SecurityCenter with ServiceNow

Step 1: Configure a SecurityCenter account to use with ServiceNow

From the Users drop‑down list, select New.

Click +Add to create a new user account.

Fill in the fields with the relevant information.

From the Role drop‑down list under Membership,
select Security Manager.

From the Group drop‑down list, select Full Access. (See Figure 2.)

Under Group Permissions, enable Manage All Users and Manage All
Objects and select the Full Access check boxes under User Permission
and Object Permission. (See Figure 3.)

Click Submit.

Figure 2: Membership Role and Group selections

Figure 3: Group Permissions selections

This creates an account that allows ServiceNow to connect to
SecurityCenter to retrieve the vulnerability data via the MID Server.

Step 2: Configure a query

Configure at least one query in Tenable SecurityCenter:

Add a name.

Add a description and tag (optional).

From the Type drop‑down list,
select Vulnerability.

From the Tool drop‑down
list, select Vulnerability Detail List.

Figure 4: Configuring a Tenable SecurityCenter query

You’ll use this query in a later step, when you configure the Tenable
SecurityCenter for the Vulnerability Response app in your ServiceNow instance.

Configure a filter query for high‑risk vulnerabilities

If you want to focus on managing high‑ to critical‑risk
vulnerabilities (most organizations do):

When you apply these filters, ServiceNow only pulls in the
vulnerabilities with existing exploits that have a high or critical
severity. You can continue to tune the filter after the initial run
with selections like Patch Published, CVE ID, etc.

Discover the systems impacted by a specific vulnerability

If you are trying to determine which systems are impacted by a
specific vulnerability—for example, if a new exploit is making
headlines—create a query with the filter CVE ID. Yes, you can
add multiple CVEs to this query.

When you do this, SecurityCenter sends only the items that match the
CVE filters, and you get a prioritized list of configuration items to
target for remediation right away.
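
The two query styles described above (exploitable high/critical findings, and findings matching one or more CVE IDs), sketched in Python as an added example that is not part of the original page and is not Tenable or ServiceNow code. The record fields (`host`, `severity`, `exploit_available`, `cves`), the severity ordering, and the sample findings with placeholder CVE IDs are all constructed for illustration and do not reflect SecurityCenter's export schema.

```python
from collections import defaultdict

# Assumed severity ordering, used only to rank results in this example.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample findings; field names and CVE IDs are placeholders.
FINDINGS = [
    {"host": "web01", "severity": "critical", "exploit_available": True,  "cves": ["CVE-0000-0001"]},
    {"host": "web01", "severity": "medium",   "exploit_available": True,  "cves": ["CVE-0000-0002"]},
    {"host": "db01",  "severity": "high",     "exploit_available": False, "cves": ["CVE-0000-0003"]},
    {"host": "db01",  "severity": "high",     "exploit_available": True,  "cves": ["CVE-0000-0001", "CVE-0000-0004"]},
    {"host": "app01", "severity": "Critical", "exploit_available": True,  "cves": []},
    {"host": "app02", "severity": "low",      "exploit_available": False, "cves": ["cve-0000-0004"]},
]

def _rank(finding):
    # Normalize case/whitespace; unknown severities rank below everything.
    return SEVERITY_RANK.get(str(finding.get("severity", "")).strip().lower(), -1)

def exploitable_high_risk(findings):
    """Keep findings that are high or critical AND have an existing exploit."""
    return [f for f in findings
            if _rank(f) >= SEVERITY_RANK["high"] and f.get("exploit_available") is True]

def matching_cves(findings, cve_ids):
    """Keep findings that reference any of the given CVE IDs (case-insensitive)."""
    wanted = {c.strip().upper() for c in cve_ids}
    return [f for f in findings
            if wanted & {c.strip().upper() for c in f.get("cves", [])}]

def prioritize_hosts(findings):
    """Collapse findings to one entry per host: worst severity first, then count."""
    worst, count = defaultdict(lambda: -1), defaultdict(int)
    for f in findings:
        worst[f["host"]] = max(worst[f["host"]], _rank(f))
        count[f["host"]] += 1
    return sorted(worst, key=lambda h: (-worst[h], -count[h], h))

if __name__ == "__main__":
    print(prioritize_hosts(exploitable_high_risk(FINDINGS)))
    print(prioritize_hosts(matching_cves(FINDINGS, ["CVE-0000-0001", "cve-0000-0004"])))
```

Note that the CVE filter applies no severity cut-off, so a low-severity host such as `app02` still appears when it matches a listed CVE.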